Photo: Sundry Photography / Shutterstock.com
A hacker named Nam3L3ss announced on the popular cybercrime platform BreachForums that they had access to Amazon employee information, including names, phone numbers, email addresses, job titles, and other professional information. Amazon has confirmed the breach but clarified that a third-party vendor leaked the information and that Amazon and AWS systems weren’t affected.
The data comes from the 2023 MOVEit hack, in which a zero-day vulnerability in popular software vendor Progress Software’s MOVEit file transfer tool was exploited to target almost 2,800 organisations around the world and affect nearly 100 million individuals. According to Amazon’s statement, this third-party vendor, a real-estate company, was caught in the attack, which affected several of its vendors, including Amazon.

According to the e-commerce giant, only work contact information, such as email addresses, desk phone numbers, and work building locations, was compromised. More sensitive and personally identifiable information, such as social security numbers or employees’ financial information, wasn’t leaked.
That said, Amazon did not confirm the number of employees affected by the breach. Meanwhile, the hacker’s BreachForum post claims the leaked database contains 2.8 million lines. With Amazon’s employee count at nearly 1.5 million in 2023, it’s unclear whether employee data across the organisation has been breached.
What lends credibility to Nam3L3ss here is that this is the same hacker who has previously leaked databases containing employee information from several big companies, including BT, Delta Airlines, HP, Lenovo, and McDonald’s, among 25 others. This leaked data reportedly results from the MOVEit hack that affected the real-estate company that Amazon claims was breached.
In the News: 9 French newspapers sue X over unpaid content royalties